Private data processing in a cloud-based environment

US 10,095,882 B2
Filed: 08/18/2014
Issued: 10/09/2018
Est. Priority Date: 09/17/2013
Status: Active Grant

First Claim

Patent Images

1. A method for securing data on a semi-trusted server, the method implemented on a computing device and comprising:

receiving on said semi-trusted server at least a current session key from a user device for use during a current session between said user and said semi-trusted server, wherein said current session key is a symmetric key for use on both said semi-trusted server and said user device during at least said current session for both encrypting data and for decrypting data encrypted with said current session key and, wherein the receiving the current session key is via a cloud-based communications forwarding path from the user device to the semi-trusted server;

decrypting user encrypted communications received on said semi-trusted server from said user device during said current session with said current session key, wherein said received user encrypted communications were encrypted on said user device with said current session key;

generating server encrypted communications by encrypting communications for said user device with said current session key on said semi-trusted server;

sending said server encrypted communications to said user device to be decrypted with said current session key on said user device;

generating encrypted personal data by encrypting personal data generated during said current session with said current session key on said semi-trusted server;

storing said encrypted personal data as stored encrypted personal data on said semi-trusted server;

upon completion of said current session, limiting access to said stored encrypted personal data by removing said current session key from accessible memory of said semi-trusted server, wherein said removing comprises overwriting a memory location for said current session key with random data;

receiving said current session key from said user device during a later session, wherein said later session is subsequent to said current session; and

decrypting said encrypted personal data on said semi-trusted server during said later session with said current session key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.

Citations

17 Claims

1. A method for securing data on a semi-trusted server, the method implemented on a computing device and comprising:
- receiving on said semi-trusted server at least a current session key from a user device for use during a current session between said user and said semi-trusted server, wherein said current session key is a symmetric key for use on both said semi-trusted server and said user device during at least said current session for both encrypting data and for decrypting data encrypted with said current session key and, wherein the receiving the current session key is via a cloud-based communications forwarding path from the user device to the semi-trusted server;
  
  decrypting user encrypted communications received on said semi-trusted server from said user device during said current session with said current session key, wherein said received user encrypted communications were encrypted on said user device with said current session key;
  
  generating server encrypted communications by encrypting communications for said user device with said current session key on said semi-trusted server;
  
  sending said server encrypted communications to said user device to be decrypted with said current session key on said user device;
  
  generating encrypted personal data by encrypting personal data generated during said current session with said current session key on said semi-trusted server;
  
  storing said encrypted personal data as stored encrypted personal data on said semi-trusted server;
  
  upon completion of said current session, limiting access to said stored encrypted personal data by removing said current session key from accessible memory of said semi-trusted server, wherein said removing comprises overwriting a memory location for said current session key with random data;
  
  receiving said current session key from said user device during a later session, wherein said later session is subsequent to said current session; and
  
  decrypting said encrypted personal data on said semi-trusted server during said later session with said current session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 and also comprising decrypting with said current session key said stored personal data associated with said user device.
  - 3. The method according to claim 1 and further comprising:
    - segmenting said stored encrypted personal data according to at least two encryption keys with which said encrypted personal data was encrypted, wherein said at least two encryption keys are said current session key and at least one previous session key, wherein said at least one previous session key had been previously provided by said user device as said current session key, and was replaced by said user device.
  - 4. The method according to claim 3 and also comprising:
    - receiving said at least one previous session key; and
      
      decrypting from at least one segment of said stored encrypted personal data that was encrypted with said at least one previous session key, wherein said removing also comprises removing said at least one previous session key.
  - 5. The method according to claim 1 wherein said semi-trusted server provides television broadcast services.
  - 6. The method according to claim 5 wherein said personal data is associated with a personalized electronic program guide (EPG).
  - 7. The method according to claim 1 wherein said semi-trusted server is a media content server.
  - 8. The method according to claim 1 wherein said semi-trusted server is part of a statistical analysis system or provides medical record sharing services.
  - 9. The method according to claim 1 and wherein said semi-trusted server is a cloud server.

10. A method for controlling access to personal data stored on a semi-trusted server, the method implemented on a computing device and comprising:
- sending a current session key associated with a current session from a client device to said semi-trusted server, wherein said current session key is a symmetric key for use during at least said current session on both said client device and semi-trusted server to encrypt and decrypt personal data associated with said client device, and wherein said semi-trusted server is configured to store encrypted personal data generated by encrypting said personal data with said current session key, wherein the sent from the client device current session key is via a cloud-based communications forwarding path from the client device to the semi-trusted server and, wherein upon completion of said current session, limiting access to said stored encrypted personal data by removing said current session key from accessible memory of said semi-trusted server, wherein said removing comprises overwriting a memory location for said current session key with random data;
  
  generating user encrypted communications by encrypting communications for said semi-trusted server during said current session with said current session key;
  
  sending said user encrypted communications to said server during said current session;
  
  decrypting server encrypted communications received during said current session from said semi-trusted server with said current session key, wherein said received server encrypted communications were encrypted with said current session key;
  
  facilitating decryption of said encrypted personal data during a later session by sending said current session key to said semi-trusted server, wherein said later session is subsequent to said current session;
  
  sending a previous session key to said semi-trusted server, wherein said previous session key is a previously used current session key and is suitable for use by said semi-trusted server to decrypt said encrypted personal data from a previous session; and
  
  receiving unencrypted personal data from said semi-trusted server, wherein said unencrypted personal data is derived from said previous session key and said encrypted personal data.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method according to claim 10 and also comprising:
    - limiting access to said encrypted personal data stored on said semi-trusted server by replacing said current session key from time to time.
  - 12. The method according to claim 11 wherein said replacing is per at least one of a user initiation on said client device, a periodic schedule or a random schedule.
  - 13. The method according to claim 10 and also comprising:
    - generating said current session key via a key ladder function.
  - 14. The method according to claim 10 and wherein said personal data represents a personalized electronic program guide (EPG).
  - 15. The method according to claim 10 wherein said semi-trusted server is a cloud server.

16. A system for securing data on a semi-trusted server comprising:
- means for receiving on said semi-trusted server at least a current session key from a user device for use during a current session between said user and said semi-trusted server, wherein said current session key is a symmetric key used on both said semi-trusted server and said user device during at least said current session for both encrypting data and for decrypting data encrypted with said current session key and, wherein the receiving the current session key is via a cloud-based communications forwarding path from the user device to the semi-trusted server;
  
  means for decrypting user encrypted communications received on said semi-trusted server from said user device during said current session with said current session key, wherein said received user encrypted communications were encrypted on said user device with said current session key;
  
  means for generating server encrypted communications and encrypted personal data by encrypting communications for said user device and said personal data generated during said current session with said current session key on said semi-trusted server;
  
  means for storing said encrypted personal data;
  
  means for sending said server encrypted communications to said user device to be decrypted with said current session key on said user device;
  
  means for limiting access to said stored encrypted personal data other than during said session by removing said current session key from accessible memory of said semi-trusted server upon completion of said current session, wherein said removing comprises overwriting a memory location for said current session key with random data;
  
  means for receiving said current session key from said user device during a later session, wherein said later session is subsequent to said current session; and
  
  means for decrypting said encrypted personal data on said semi-trusted server during said later session using said current session key.
- View Dependent Claims (17)
- - 17. The system according to claim 16 wherein said semi-trusted server is a cloud server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Waisbard, Erez, Schnaiderman, Anna
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/462,012
Publication Number

US 20150082019A1
Time in Patent Office

1,513 Days
Field of Search

713150
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0435   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

Private data processing in a cloud-based environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Private data processing in a cloud-based environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links